<?php
/**
 * <https://y.st./>
 * Copyright © 2018 Alex Yst <mailto:copyright@y.st>
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org./licenses/>.
**/

$xhtml = array(
	'<{title}>' => '<code>iptables</code>, revisited',
	'takedown' => '2017-11-01',
	'<{body}>' => <<<END
<img src="/img/CC_BY-SA_4.0/y.st./weblog/2018/06/22.jpg" alt="Trees reaching over the street" class="framed-centred-image" width="649" height="480"/>
<section id="jobs">
	<h2>Job hunt</h2>
	<p>
		The issues previously preventing me from job hunting have now been cleared up.
		Unfortunately, my break from school is over and I&apos;m busier than ever.
		I may or may not be able to start job hunting before the term ends.
		I really wish my shift leader hadn&apos;t lied to me, telling me they&apos;d make time to teach me to drive.
		I wasn&apos;t dealing with these issues in January, so it&apos;d be great to have gotten the job hunt over with back then.
	</p>
</section>
<section id="iptables">
	<h2><code>iptables</code></h2>
	<p>
		I&apos;m trying a new <code>iptables</code> configuration, using the following commands:
	</p>
	<blockquote>
<pre>sudo iptables --flush OUTPUT
sudo iptables --policy OUTPUT DROP
sudo iptables --append OUTPUT --match owner --uid-owner debian-tor --jump ACCEPT
sudo iptables --append OUTPUT --out-interface lo --jump ACCEPT
sudo iptables --append OUTPUT --out-interface eth1 --destination 10.0.0.0/8 --jump ACCEPT
sudo iptables --append OUTPUT --out-interface eth1 --destination 172.16.0.0/12 --jump ACCEPT
sudo iptables --append OUTPUT --out-interface eth1 --destination 192.168.0.0/16 --jump ACCEPT
sudo iptables --append OUTPUT --jump REJECT
sudo ip6tables --flush OUTPUT
sudo ip6tables --policy OUTPUT DROP
sudo ip6tables --append OUTPUT --match owner --uid-owner debian-tor --jump ACCEPT
sudo ip6tables --append OUTPUT --out-interface lo --jump ACCEPT
sudo ip6tables --append OUTPUT --out-interface eth1 --destination fd00::/8 --jump ACCEPT
sudo ip6tables --append OUTPUT --jump REJECT</pre>
	</blockquote>
	<p>
		It seems to work, but also seems not to work, for allowing access to the local network.
		I&apos;m on a bizarre Wi-Fi router though.
		I can&apos;t be sure that some of the packets I&apos;m trying to send that <strong>*should*</strong> still go through are being blocked by the router and not the firewall.
		I&apos;m going to need to get a used Wi-Fi router when I get a chance to test; I&apos;ll need that router anyway once I get an Internet service line set up, so getting it early won&apos;t cost me any extra cash.
	</p>
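	<p>
		Added example, not part of the original post: a small Python model of the two OUTPUT chains above that reports which rule first-match evaluation stops at for a given packet. A connection that fails even though the model reports ACCEPT points at the router rather than the firewall. The user name alice, the interface wlan0 and the sample addresses are constructed, and the owner match is simplified to a user name comparison.
	</p>

```python
import ipaddress

# Each rule is (owner, out_interface, destination_network, target); None means
# "not tested". Positions match `iptables --list OUTPUT --line-numbers`.
TOR = ("debian-tor", None, None, "ACCEPT")
LOOPBACK = (None, "lo", None, "ACCEPT")
CATCH_ALL = (None, None, None, "REJECT")
CHAINS = {
    4: [TOR, LOOPBACK,
        (None, "eth1", "10.0.0.0/8", "ACCEPT"),
        (None, "eth1", "172.16.0.0/12", "ACCEPT"),
        (None, "eth1", "192.168.0.0/16", "ACCEPT"),
        CATCH_ALL],
    6: [TOR, LOOPBACK, (None, "eth1", "fd00::/8", "ACCEPT"), CATCH_ALL],
}

def verdict(owner, out_interface, destination):
    """Return (rule number, target) of the first matching OUTPUT rule."""
    address = ipaddress.ip_address(destination)
    for number, rule in enumerate(CHAINS[address.version], start=1):
        rule_owner, rule_interface, rule_network, target = rule
        if rule_owner is not None and rule_owner != owner:
            continue
        if rule_interface is not None and rule_interface != out_interface:
            continue
        if rule_network is not None and address not in ipaddress.ip_network(rule_network):
            continue
        return number, target
    return None, "DROP"  # chain policy, only reached if no rule matched

# Constructed sample packets: (socket owner, outgoing interface, destination).
SAMPLES = [
    ("debian-tor", "eth1", "203.0.113.5"),   # Tor daemon to the Internet
    ("alice", "eth1", "203.0.113.5"),        # ordinary user to the Internet
    ("alice", "eth1", "192.168.1.1"),        # private address on eth1
    ("alice", "wlan0", "192.168.1.1"),       # same address, other interface
    ("alice", "eth1", "172.32.0.1"),         # just outside 172.16.0.0/12
    ("alice", "eth1", "fd12:3456::1"),       # IPv6 unique local address
    ("alice", "eth1", "fe80::1"),            # IPv6 link-local, not in fd00::/8
]

if __name__ == "__main__":
    for sample in SAMPLES:
        number, target = verdict(*sample)
        print(sample, "rule", number, target)
```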
</section>
<section id="drudgery">
	<h2>Drudgery</h2>
	<p>
		My professor responded to my philosophy post, ignoring addressing the subject matter I covered, but trying to figure out the nature of the error I ran into with the reading assignment.
		They claimed &quot;some adblocks of [my] browser are blocked&quot;, or maybe the page won&apos;t load because we&apos;re at the beginning of the term.
		They asked me to try the pages (plural) again, and if they still don&apos;t work, to send the $a[URI]s of the pages that aren&apos;t working and they&apos;d try to troubleshoot.
		I made it clear in my initial post though that it was one page that didn&apos;t work, and my screenshot of the error message showed the $a[URI] plain as day.
		Anyway, my response:
	</p>
	<blockquote>
		<p>
			I tried again as you requested, but the error persists.
			It only affects the page at <a href="https://www.thoughtco.com/what-is-pragmatism-250583"><code>https://www.thoughtco.com/what-is-pragmatism-250583</code></a> (as well as the rest of the <code>https://www.thoughtco.com/</code> website), so I was able to read the rest of the reading assignment.
		</p>
		<p>
			I don&apos;t use an ad blocker; I don&apos;t mind advertisements, as long as they&apos;re not those annoying ones that start playing sound when you visit the page and there aren&apos;t so many ads that you can&apos;t even find the main page content (a rarity, but I&apos;ve seen it).
			I even use a very clean browser instance for school-related activities; it doesn&apos;t have any of my usual extensions, such as the tracker blocker.
			Trackers are terrible and built into many ads, causing those ads to end up blocked by the tracker blocker because of their malicious, non-ad-related behaviours, but since I don&apos;t have the tracker blocker installed on that browser instance, no files or pages are blocked on my end.
			My school-use Web browser allows any and all ads, trackers, and everything else.
			Literally, the only extension I installed on that browser instance is a browser theme, giving browser windows a Debian swirl in the corner (as shown in the screenshot in my main post), which doesn&apos;t affect websites.
		</p>
		<p>
			Besides, it&apos;s a <code>403</code> error; a server-side error message saying the user isn&apos;t allowed to view the page.
			An ad blocker cannot cause server-side errors, only client-side errors.
		</p>
	</blockquote>
</section>
<section id="instruction">
	<h2>Driving instruction</h2>
	<p>
		I&apos;m doing better, but it occurred to me today that the instructors&apos; four-lesson package assumes I&apos;ll be practising at home.
		The whole point of paying for lessons in my case though is that I have literally no one to teach me.
		They all crapped out on me.
		I can&apos;t get my own vehicle until I have a license, but I can&apos;t get a license until <strong>*after*</strong> I&apos;ve learned to drive.
		I <strong>*have*</strong> no way to practice at home!
		Not that I&apos;d be getting a vehicle right away anyway ...
		Electric cars are expensive, I refuse to get a fossil-fuel-burning vehicle, and I&apos;d rather not take out a loan for something I really don&apos;t need.
		Anyway, I have one lesson to go, and I doubt it&apos;ll be enough.
		I can learn a lot (if not all) of the rules I&apos;ll need to know for the driving test, but a total of six hours isn&apos;t going to be enough for me to get comfortable behind the wheel, which will be vital for passing that test.
		There&apos;s a good chance I will not only need to take that fifth lesson I&apos;d originally factored into the plan, but completely double the lessons taken, for a total of eight lessons.
	</p>
	<p>
		My next appointment is for Friday at 11:00.
	</p>
</section>
<section id="work">
	<h2>Some toxicity gone</h2>
	<p>
		Remember the toxic shift leader I said had put in their two weeks&apos; notice?
		It seems they&apos;ve now outright quit before those two weeks were up.
		The head manager has asked me to cover a shift they were supposed to have tomorrow.
		I&apos;m getting better at telling people I can&apos;t take on shifts on my days off and I can&apos;t stay late when they ask me on the day that they want me to, but I&apos;m still bad about telling them &quot;no&quot; when they want to extend my shifts on days I already work, provided they give me some notice and ask me the day before.
		So that&apos;s valuable study time lost.
		Oh, well.
		I think I should be able to make it fine this week if I keep on task.
	</p>
</section>
<section id="Minetest">
	<h2>Minetest</h2>
	<p>
		It feels like I haven&apos;t played Minetest in forever.
		I still keep planning for the day I can play again though.
		My job is pretty brainless, so I think about other things while I get my work done.
	</p>
	<p>
		Anyway, in trying to figure out what to do about pine trees, I started breaking down the legacy parts of my tunnel plan.
		The plan is old and has mutated many, many times.
		Each mutation doesn&apos;t necessarily get me to re-evaluate all the planning that has gone into the tunnel plan, either, so useless features could creep in.
		Mainly, I looked at the tunnel wall thickness.
		I plan to build the tunnel walls, ceilings, and floors two metres thick.
		But why?
		Because that&apos;s how the tunnel project has always been.
		But again, why?
		It actually stems from the repeating pattern of the original tunnel (excluding the very first tunnel, which wasn&apos;t a tunnel at all but a bridge).
		Each map block of the tunnel was to have a specific design based on what it needed to connect to.
		That meant that every node in the vertical shafts was the same as the node sixteen above and sixteen below.
		The stairway was two nodes wide, providing a 2<sup>2</sup> landing area between turns, but this still left the stairway being two nodes too long on each side, preventing the pattern from repeating where it needed to.
		To correct for this, the tunnel was padded with an extra node on each side, and to make the horizontal tunnel segments match, they too were padded on the walls, floors, and ceilings.
		It was all about shrinking the inner width of the tunnel!
		With the inclusion of rails as an actual method of transportation, a feature that wasn&apos;t available in older versions of Minetest and Minetest Game, the new route down into the tunnels can&apos;t make use of the feature while still having wide paths leading down.
		The rails behave strangely when made two nodes thick.
		The paths down now can&apos;t repeat unless the walls have been made <strong>*three*</strong> nodes thick!
		I actually gave up the repeating map block plan already, so this thick wall and ceiling feature seems pointless.
		I still want thick floors so as to not have dirt show beneath the tunnel and to allow the inside to be paved with gravel, but shaving a node off from the ceiling gives me more space, doesn&apos;t it?
	</p>
	<p>
		This line of thought turned out to be pointless though.
		Both the jungle trees and the pine trees are problematic, even with both thin ceilings and thin floors, and as I said, I&apos;d like to avoid thin floors.
	</p>
	<p>
		Somehow, I got to thinking about the original purpose of putting plants in the underground.
		It was supposed to be a tree farm, making good use of the tunnel space, while providing something more interesting than walls to look at while travelling.
		Somewhere along the line, the trees became static structures I could even embed into the floors and ceiling if I needed to to make them fit.
		Once embedded in the tunnel&apos;s barrier though, the tree could never be harvested, as re-planting would require ripping apart the ceiling; waiting for the sapling to grow; then re-building the ceiling based on what space the tree ended up in.
		I wanted to bring back this lost tree-farming functionality, and there were only two ways to do it: either make the tunnel taller or leave tall tree varieties out of the farm.
	</p>
	<p>
		My latest plans involved decorating the main line tunnels with the two types of plants representing the hubs at either end of that main line.
		This is why the placements of each hub were so important: I needed plants that could share grow lights to share the main line tunnel segments.
		Player-requested tunnel branches would then share the plant theme of whatever main line they branched off of.
		This did leave an anomaly though: no plant theme for tunnels branching not off a main line, but directly off the corner hubs.
		I wasn&apos;t quite sure how to deal with that.
		Needing to make six of the main line segments taller than the rest of the tunnel (the four segments with pine trees and the two segments with jungle trees) threw a kink in the aesthetics of the tunnel as well, especially with these segments being twice as tall (by incorporating a second map block in height).
	</p>
	<p>
		I&apos;ve come up with a new plan.
		Again.
		This time, plant placement in the mainline tunnels will have nothing to do with the hubs at either end.
		This unintentionally clears up the issue of what plants to put in the player-requested tunnels in the corners of the world.
		The main line tunnels will now be taller, but not a full two map blocks taller.
		They&apos;ll be only tall enough to accommodate the tallest tree, the jungle tree.
		There&apos;ll be unused protected space underneath the main line tunnels in most places, but the tunnel will look nice and some of that protected space underneath the tunnels will be used for various things, such as the cobble landfill, a pile of locked chests full of the extra cobble I&apos;ll end up with.
		The ceiling will only be one node thick.
		It doesn&apos;t need any more thickness than that.
		The floors, however, will be three nodes thick, allowing me to get fancy with the design: from underneath, it&apos;ll all be cobble, from inside, it&apos;ll be gravel and dirt, and there will be a few small holes for crops and irrigation.
		Walls in the main lines will continue to be two nodes thick, allowing for gravel set into the walls at player-requested branches.
		Player-requested branches, however, will only have one-node-thick walls.
		No more thickness is required.
		Player-requested tunnels will retain the original planned height, not the taller height.
		Tall trees will be planted only in the main lines, while shorter trees will be planted only in the player-requested tunnels.
		Bushes and crops will be planted everywhere, sharing grow lights with the trees.
		Within the main line tunnels though, jungle trees will only share grow lights with crops (because the shape of the jungle tree roots interferes with bush growth), while other trees in the main lines will share grow lights only with bushes.
		As the main lines will have a sunk-in floor compared to player-requested branches, the cart rails will actually be on narrow bridges in the main lines, set at the elevation of the floors of the branches.
	</p>
	<p>
		I mentioned non-jungle trees in the main lines instead of just pine trees.
		I took a look at the schematic sizes, and it seems aspen trees are up to fourteen metres high.
		They won&apos;t fit in the twelve-metre-high player-requested tunnels, and will instead need to be placed in the main lines with the jungle trees and pines.
		Only acacias and apples will be planted in the player-requested tunnels.
		Oddly, these are exactly the two trees that have related bushes defined in the game.
	</p>
	<p>
		Also of note, I thought I&apos;d use the widths of different tree types to manipulate the placement of trees so the tree rows would be just the length I wanted them to be to reach the very ends of the main lines.
		However, when checking the schematics when I got home to look for other tall trees (which is when I identified the aspen as belonging in the main lines instead of player tunnels), I found all trees have the same width, five metres, save for one: the acacia tree, which has a width of nine.
		There won&apos;t be any tree row hacks for the main line, and the tree placement there will look as grid-like as before these new developments.
	</p>
</section>
END
);
